draft-ietf-secsh-filexfer-02.txt   draft-ietf-secsh-filexfer-03.txt 
Network Working Group T. Ylonen Secure Shell Working Group J. Galbraith
Internet-Draft S. Lehtinen Internet-Draft VanDyke Software
Expires: April 1, 2002 SSH Communications Security Corp Expires: April 16, 2003 T. Ylonen
October 2001 S. Lehtinen
SSH Communications Security Corp
October 16, 2002
SSH File Transfer Protocol SSH File Transfer Protocol
draft-ietf-secsh-filexfer-02.txt draft-ietf-secsh-filexfer-03.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 32 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http:// The list of current Internet-Drafts can be accessed at http://
www.ietf.org/ietf/1id-abstracts.txt. www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 1, 2002. This Internet-Draft will expire on April 16, 2003.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved. Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract Abstract
The SSH File Transfer Protocol provides secure file transfer The SSH File Transfer Protocol provides secure file transfer
functionality over any reliable data stream. It is the standard file functionality over any reliable data stream. It is the standard file
transfer protocol for use with the SSH2 protocol. This document transfer protocol for use with the SSH2 protocol. This document
describes the file transfer protocol and its interface to the SSH2 describes the file transfer protocol and its interface to the SSH2
protocol suite. protocol suite.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 3
2. Use with the SSH Connection Protocol . . . . . . . . . . . . 4 2. Use with the SSH Connection Protocol . . . . . . . . . . . 4
3. General Packet Format . . . . . . . . . . . . . . . . . . . 5 3. General Packet Format . . . . . . . . . . . . . . . . . . 5
4. Protocol Initialization . . . . . . . . . . . . . . . . . . 7 4. Protocol Initialization . . . . . . . . . . . . . . . . . 7
5. File Attributes . . . . . . . . . . . . . . . . . . . . . . 8 4.1 Client Initialization . . . . . . . . . . . . . . . . . . 7
6. Requests From the Client to the Server . . . . . . . . . . . 10 4.2 Server Initialization . . . . . . . . . . . . . . . . . . 7
6.1 Request Synchronization and Reordering . . . . . . . . . . . 10 4.3 Determining Server Newline Convention . . . . . . . . . . 8
6.2 File Names . . . . . . . . . . . . . . . . . . . . . . . . . 11 5. File Attributes . . . . . . . . . . . . . . . . . . . . . 9
6.3 Opening, Creating, and Closing Files . . . . . . . . . . . . 11 5.1 Flags . . . . . . . . . . . . . . . . . . . . . . . . . . 9
6.4 Reading and Writing . . . . . . . . . . . . . . . . . . . . 13 5.2 Type . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
6.5 Removing and Renaming Files . . . . . . . . . . . . . . . . 14 5.3 Size . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
6.6 Creating and Deleting Directories . . . . . . . . . . . . . 15 5.4 Owner and Group . . . . . . . . . . . . . . . . . . . . . 10
6.7 Scanning Directories . . . . . . . . . . . . . . . . . . . . 15 5.5 Permissions . . . . . . . . . . . . . . . . . . . . . . . 11
6.8 Retrieving File Attributes . . . . . . . . . . . . . . . . . 16 5.6 Times . . . . . . . . . . . . . . . . . . . . . . . . . . 11
6.9 Setting File Attributes . . . . . . . . . . . . . . . . . . 17 5.7 ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
6.10 Dealing with Symbolic links . . . . . . . . . . . . . . . . 18 5.8 Extended attributes . . . . . . . . . . . . . . . . . . . 12
6.11 Canonicalizing the Server-Side Path Name . . . . . . . . . . 18 6. Requests From the Client to the Server . . . . . . . . . . 13
7. Responses from the Server to the Client . . . . . . . . . . 20 6.1 Request Synchronization and Reordering . . . . . . . . . . 13
8. Vendor-Specific Extensions . . . . . . . . . . . . . . . . . 24 6.2 File Names . . . . . . . . . . . . . . . . . . . . . . . . 14
9. Security Considerations . . . . . . . . . . . . . . . . . . 25 6.3 Opening, Creating, and Closing Files . . . . . . . . . . . 14
10. Changes from previous protocol versions . . . . . . . . . . 26 6.4 Reading and Writing . . . . . . . . . . . . . . . . . . . 17
10.1 Changes between versions 3 and 2 . . . . . . . . . . . . . . 26 6.5 Removing and Renaming Files . . . . . . . . . . . . . . . 18
10.2 Changes between versions 2 and 1 . . . . . . . . . . . . . . 26 6.6 Creating and Deleting Directories . . . . . . . . . . . . 19
10.3 Changes between versions 1 and 0 . . . . . . . . . . . . . . 26 6.7 Scanning Directories . . . . . . . . . . . . . . . . . . . 19
11. Trademark Issues . . . . . . . . . . . . . . . . . . . . . . 27 6.8 Retrieving File Attributes . . . . . . . . . . . . . . . . 20
References . . . . . . . . . . . . . . . . . . . . . . . . . 28 6.9 Setting File Attributes . . . . . . . . . . . . . . . . . 21
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 28 6.10 Dealing with Symbolic links . . . . . . . . . . . . . . . 22
Full Copyright Statement . . . . . . . . . . . . . . . . . . 29 6.11 Canonicalizing the Server-Side Path Name . . . . . . . . . 23
6.11.1 Best practice for dealing with paths . . . . . . . . . . . 23
7. Responses from the Server to the Client . . . . . . . . . 24
8. Vendor-Specific Extensions . . . . . . . . . . . . . . . . 28
9. Security Considerations . . . . . . . . . . . . . . . . . 29
10. Changes from previous protocol versions . . . . . . . . . 30
10.1 Changes between versions 4 and 3 . . . . . . . . . . . . . 30
10.2 Changes between versions 3 and 2 . . . . . . . . . . . . . 31
10.3 Changes between versions 2 and 1 . . . . . . . . . . . . . 31
10.4 Changes between versions 1 and 0 . . . . . . . . . . . . . 31
11. Trademark Issues . . . . . . . . . . . . . . . . . . . . . 32
References . . . . . . . . . . . . . . . . . . . . . . . . 33
Authors' Addresses . . . . . . . . . . . . . . . . . . . . 33
Full Copyright Statement . . . . . . . . . . . . . . . . . 35
1. Introduction 1. Introduction
This protocol provides secure file transfer (and more generally file This protocol provides secure file transfer (and more generally file
system access) functionality over a reliable data stream, such as a system access) functionality over a reliable data stream, such as a
channel in the SSH2 protocol [3]. channel in the SSH2 protocol [5].
This protocol is designed so that it could be used to implement a This protocol is designed so that it could be used to implement a
secure remote file system service, as well as a secure file transfer secure remote file system service, as well as a secure file transfer
service. service.
This protocol assumes that it runs over a secure channel, and that This protocol assumes that it runs over a secure channel, and that
the server has already authenticated the user at the client end, and the server has already authenticated the user at the client end, and
that the identity of the client user is externally available to the that the identity of the client user is externally available to the
server implementation. server implementation.
In general, this protocol follows a simple request-response model. In general, this protocol follows a simple request-response model.
Each request and response contains a sequence number and multiple Each request and response contains a sequence number and multiple
requests may be pending simultaneously. There are a relatively large requests may be pending simultaneously. There are a relatively large
number of different request messages, but a small number of possible number of different request messages, but a small number of possible
response messages. Each request has one or more response messages response messages. Each request has one or more response messages
that may be returned in result (e.g., a read either returns data or that may be returned in result (e.g., a read either returns data or
reports error status). reports error status).
The packet format descriptions in this specification follow the The packet format descriptions in this specification follow the
notation presented in the secsh architecture draft.[3]. notation presented in the secsh architecture draft. [5]
Even though this protocol is described in the context of the SSH2 Even though this protocol is described in the context of the SSH2
protocol, this protocol is general and independent of the rest of the protocol, this protocol is general and independent of the rest of the
SSH2 protocol suite. It could be used in a number of different SSH2 protocol suite. It could be used in a number of different
applications, such as secure file transfer over TLS RFC 2246 [1] and applications, such as secure file transfer over TLS RFC 2246 [1] and
transfer of management information in VPN applications. transfer of management information in VPN applications.
2. Use with the SSH Connection Protocol 2. Use with the SSH Connection Protocol
When used with the SSH2 Protocol suite, this protocol is intended to When used with the SSH2 Protocol suite, this protocol is intended to
be used from the SSH Connection Protocol [5] as a subsystem, as be used from the SSH Connection Protocol [7] as a subsystem, as
described in section ``Starting a Shell or a Command''. The described in section ``Starting a Shell or a Command''. The
subsystem name used with this protocol is "sftp". subsystem name used with this protocol is "sftp".
3. General Packet Format 3. General Packet Format
All packets transmitted over the secure connection are of the All packets transmitted over the secure connection are of the
following format: following format:
uint32 length uint32 length
byte type byte type
skipping to change at page 6, line 27 skipping to change at page 6, line 25
#define SSH_FXP_OPENDIR 11 #define SSH_FXP_OPENDIR 11
#define SSH_FXP_READDIR 12 #define SSH_FXP_READDIR 12
#define SSH_FXP_REMOVE 13 #define SSH_FXP_REMOVE 13
#define SSH_FXP_MKDIR 14 #define SSH_FXP_MKDIR 14
#define SSH_FXP_RMDIR 15 #define SSH_FXP_RMDIR 15
#define SSH_FXP_REALPATH 16 #define SSH_FXP_REALPATH 16
#define SSH_FXP_STAT 17 #define SSH_FXP_STAT 17
#define SSH_FXP_RENAME 18 #define SSH_FXP_RENAME 18
#define SSH_FXP_READLINK 19 #define SSH_FXP_READLINK 19
#define SSH_FXP_SYMLINK 20 #define SSH_FXP_SYMLINK 20
#define SSH_FXP_STATUS 101 #define SSH_FXP_STATUS 101
#define SSH_FXP_HANDLE 102 #define SSH_FXP_HANDLE 102
#define SSH_FXP_DATA 103 #define SSH_FXP_DATA 103
#define SSH_FXP_NAME 104 #define SSH_FXP_NAME 104
#define SSH_FXP_ATTRS 105 #define SSH_FXP_ATTRS 105
#define SSH_FXP_EXTENDED 200 #define SSH_FXP_EXTENDED 200
#define SSH_FXP_EXTENDED_REPLY 201 #define SSH_FXP_EXTENDED_REPLY 201
RESERVED_FOR_EXTENSIONS 210-255
Additional packet types should only be defined if the protocol Additional packet types should only be defined if the protocol
version number (see Section ``Protocol Initialization'') is version number (see Section ``Protocol Initialization'') is
incremented, and their use MUST be negotiated using the version incremented, and their use MUST be negotiated using the version
number. However, the SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY number. However, the SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY
packets can be used to implement vendor-specific extensions. See packets can be used to implement vendor-specific extensions. See
Section ``Vendor-Specific-Extensions'' for more details. Section ``Vendor-Specific-Extensions'' for more details.
4. Protocol Initialization 4. Protocol Initialization
When the file transfer protocol starts, it first sends a SSH_FXP_INIT When the file transfer protocol starts, the client first sends a
(including its version number) packet to the server. The server SSH_FXP_INIT (including its version number) packet to the server.
responds with a SSH_FXP_VERSION packet, supplying the lowest of its The server responds with a SSH_FXP_VERSION packet, supplying the
own and the client's version number. Both parties should from then lowest of its own and the client's version number. Both parties
on adhere to particular version of the protocol. should from then on adhere to particular version of the protocol.
The version number of the protocol specified in this document is 4.
The version number should be incremented for each incompatible
revision of this protocol.
4.1 Client Initialization
The SSH_FXP_INIT packet (from client to server) has the following The SSH_FXP_INIT packet (from client to server) has the following
data: data:
uint32 version uint32 version
<extension data>
Version 3 of this protocol allowed clients to include extensions in
the SSH_FXP_INIT packet; however, this can cause interoperability
problems with version 1 and version 2 servers because the client must
send this packet before knowing the servers version.
In this version of the protocol, clients MUST use the
SSH_FXP_EXTENDED packet to send extensions to the server after
version exchange has completed. Clients MUST NOT include extensions
in the version packet. This will prevent interoperability problems
with older servers
4.2 Server Initialization
The SSH_FXP_VERSION packet (from server to client) has the following The SSH_FXP_VERSION packet (from server to client) has the following
data: data:
uint32 version uint32 version
<extension data> <extension data>
The version number of the protocol specified in this document is 3. 'version' is the lower of the protocol version supported by the
The version number should be incremented for each incompatible server and the version number received from the client.
revision of this protocol.
The extension data in the above packets may be empty, or may be a The extension data may be empty, or may be a sequence of
sequence of
string extension_name string extension_name
string extension_data string extension_data
pairs (both strings MUST always be present if one is, but the pairs (both strings MUST always be present if one is, but the
`extension_data' string may be of zero length). If present, these `extension_data' string may be of zero length). If present, these
strings indicate extensions to the baseline protocol. The strings indicate extensions to the baseline protocol. The
`extension_name' field(s) identify the name of the extension. The `extension_name' field(s) identify the name of the extension. The
name should be of the form "name@domain", where the domain is the DNS name should be of the form "name@domain", where the domain is the DNS
domain name of the organization defining the extension. Additional domain name of the organization defining the extension. Additional
names that are not of this format may be defined later by the IETF. names that are not of this format may be defined later by the IETF.
Implementations MUST silently ignore any extensions whose name they Implementations MUST silently ignore any extensions whose name they
do not recognize. do not recognize.
5. File Attributes 4.3 Determining Server Newline Convention
A new compound data type is defined for encoding file attributes. It In order to correctly process text files in a cross platform
is basically just a combination of elementary types, but is defined compatible way, the newline convention must be converted from that of
once because of the non-trivial description of the fields and to the server to that of the client, or, during an upload, from that of
ensure maintainability. the client to that of the server.
Versions 3 and prior of this protocol made no provisions for
processing text files. Many clients implemented some sort of
conversion algorithm, but without either a 'canonical' on the wire
format or knowledge of the servers newline convention, correct
conversion was not always possible.
Starting with Version 4, the SSH_FXF_TEXT file open flag (Section
6.3) makes it possible to request that the server translate a file to
a 'canonical' on the wire format. This format uses \r\n as the line
separator.
Servers for systems using multiple newline characters (for example,
Mac OS X or VMS) or systems using counted records, MUST translate to
the canonical form.
However, to ease the burden of implementation on servers that use a
single, simple separator sequence, the following extension allows the
canonical format to be changed.
string "newline"
string new-canonical-separator (usually "\r" or "\n" or "\r\n")
All clients MUST support this extension.
When processing text files, clients SHOULD NOT translate any
character or sequence that is not an exact match of the servers
newline separator.
In particular, if the newline sequence being used is the canonical
"\r\n" sequence, a lone \r or a lone \n SHOULD be written through
without change.
5. File Attributes
A new compound data type is defined for encoding file attributes.
The same encoding is used both when returning file attributes from The same encoding is used both when returning file attributes from
the server and when sending file attributes to the server. When the server and when sending file attributes to the server. When
sending it to the server, the flags field specifies which attributes sending it to the server, the flags field specifies which attributes
are included, and the server will use default values for the are included, and the server will use default values for the
remaining attributes (or will not modify the values of remaining remaining attributes (or will not modify the values of remaining
attributes). When receiving attributes from the server, the flags attributes). When receiving attributes from the server, the flags
specify which attributes are included in the returned data. The specify which attributes are included in the returned data. The
server normally returns all attributes it knows about. server normally returns all attributes it knows about.
uint32 flags uint32 flags
byte type always present
uint64 size present only if flag SSH_FILEXFER_ATTR_SIZE uint64 size present only if flag SSH_FILEXFER_ATTR_SIZE
uint32 uid present only if flag SSH_FILEXFER_ATTR_UIDGID string owner present only if flag SSH_FILEXFER_ATTR_OWNERGROUP
uint32 gid present only if flag SSH_FILEXFER_ATTR_UIDGID string group present only if flag SSH_FILEXFER_ATTR_OWNERGROUP
uint32 permissions present only if flag SSH_FILEXFER_ATTR_PERMISSIONS uint32 permissions present only if flag SSH_FILEXFER_ATTR_PERMISSIONS
uint32 atime present only if flag SSH_FILEXFER_ACMODTIME uint32 atime present only if flag SSH_FILEXFER_ATTR_ACCESSTIME
uint32 mtime present only if flag SSH_FILEXFER_ACMODTIME uint32 createtime present only if flag SSH_FILEXFER_ATTR_CREATETIME
uint32 mtime present only if flag SSH_FILEXFER_ATTR_MODIFYTIME
string acl present only if flag SSH_FILEXFER_ATTR_ACL
uint32 extended_count present only if flag SSH_FILEXFER_ATTR_EXTENDED uint32 extended_count present only if flag SSH_FILEXFER_ATTR_EXTENDED
string extended_type string extended_type
string extended_data string extended_data
... more extended data (extended_type - extended_data pairs), ... more extended data (extended_type - extended_data pairs),
so that number of pairs equals extended_count so that number of pairs equals extended_count
5.1 Flags
The `flags' specify which of the fields are present. Those fields The `flags' specify which of the fields are present. Those fields
for which the corresponding flag is not set are not present (not for which the corresponding flag is not set are not present (not
included in the packet). New flags can only be added by incrementing included in the packet). New flags can only be added by incrementing
the protocol version number (or by using the extension mechanism the protocol version number (or by using the extension mechanism
described below). described below).
The `size' field specifies the size of the file in bytes. The flags bits are defined to have the following values:
The `uid' and `gid' fields contain numeric Unix-like user and group #define SSH_FILEXFER_ATTR_SIZE 0x00000001
identifiers, respectively. #define SSH_FILEXFER_ATTR_PERMISSIONS 0x00000004
#define SSH_FILEXFER_ATTR_ACCESSTIME 0x00000008
#define SSH_FILEXFER_ATTR_CREATETIME 0x00000010
#define SSH_FILEXFER_ATTR_MODIFYTIME 0x00000020
#define SSH_FILEXFER_ATTR_ACL 0x00000040
#define SSH_FILEXFER_ATTR_OWNERGROUP 0x00000080
#define SSH_FILEXFER_ATTR_EXTENDED 0x80000000
In previous versions of this protocol flags value 0x00000002 was
SSH_FILEXFER_ATTR_UIDGID. This value is now unused, and OWNERGROUP
was given a new value in order to ease implementation burden.
0x00000002 MUST NOT appear in the mask. Some future version of this
protocol may reuse flag 0x00000002.
5.2 Type
The type field is always present. The following types are defined:
#define SSH_FILEXFER_TYPE_REGULAR 1
#define SSH_FILEXFER_TYPE_DIRECTORY 2
#define SSH_FILEXFER_TYPE_SYMLINK 3
#define SSH_FILEXFER_TYPE_SPECIAL 4
#define SSH_FILEXFER_TYPE_UNKNOWN 5
On a POSIX system, these values would be derived from the permission
field.
5.3 Size
The `size' field specifies the size of the file on disk, in bytes.
If it is present during file creation, it should be considered a hint
as to the files eventual size.
Files opened with the SSH_FXF_TEXT flag may have a size that is
greater or less than the value of the size field.
5.4 Owner and Group
The `owner' and `group' fields are represented as UTF-8 strings; this
is the form used by NFS v4. See NFS version 4 Protocol. [3] The
following text is selected quotations from section 5.6.
To avoid a representation that is tied to a particular underlying
implementation at the client or server, the use of UTF-8 strings has
been chosen. The string should be of the form user@dns_domain".
This will allow for a client and server that do not use the same
local representation the ability to translate to a common syntax that
can be interpreted by both. In the case where there is no
translation available to the client or server, the attribute value
must be constructed without the "@". Therefore, the absence of the @
from the owner or owner_group attribute signifies that no translation
was available and the receiver of the attribute should not place any
special meaning with the attribute value. Even though the attribute
value can not be translated, it may still be useful. In the case of
a client, the attribute string may be used for local display of
ownership.
5.5 Permissions
The `permissions' field contains a bit mask of file permissions as The `permissions' field contains a bit mask of file permissions as
defined by posix [1]. defined by POSIX [1].
The `atime' and `mtime' contain the access and modification times of 5.6 Times
the files, respectively. They are represented as seconds from Jan 1,
1970 in UTC. The 'atime', 'createtime', and 'mtime' contain the access, creation,
and modification times of the files, respectively. They are
represented as seconds from Jan 1, 1970 in UTC.
5.7 ACL
The 'ACL' field contains an ACL similar to that defined in section
5.9 of NFS version 4 Protocol [3].
uint32 ace-count
repeated ace-count time:
uint32 ace-type
uint32 ace-flag
uint32 ace-mask
string who [UTF-8]
ace-type is one of the following four values (taken from NFS Version
4 Protocol [3]:
const ACE4_ACCESS_ALLOWED_ACE_TYPE = 0x00000000;
const ACE4_ACCESS_DENIED_ACE_TYPE = 0x00000001;
const ACE4_SYSTEM_AUDIT_ACE_TYPE = 0x00000002;
const ACE4_SYSTEM_ALARM_ACE_TYPE = 0x00000003;
ace-flag is a combination of the following flag values. See NFS
Version 4 Protocol [3] section 5.9.2:
const ACE4_FILE_INHERIT_ACE = 0x00000001;
const ACE4_DIRECTORY_INHERIT_ACE = 0x00000002;
const ACE4_NO_PROPAGATE_INHERIT_ACE = 0x00000004;
const ACE4_INHERIT_ONLY_ACE = 0x00000008;
const ACE4_SUCCESSFUL_ACCESS_ACE_FLAG = 0x00000010;
const ACE4_FAILED_ACCESS_ACE_FLAG = 0x00000020;
const ACE4_IDENTIFIER_GROUP = 0x00000040;
ace-mask is any combination of the following flags (taken from NFS
Version 4 Protocol [3] section 5.9.3:
const ACE4_READ_DATA = 0x00000001;
const ACE4_LIST_DIRECTORY = 0x00000001;
const ACE4_WRITE_DATA = 0x00000002;
const ACE4_ADD_FILE = 0x00000002;
const ACE4_APPEND_DATA = 0x00000004;
const ACE4_ADD_SUBDIRECTORY = 0x00000004;
const ACE4_READ_NAMED_ATTRS = 0x00000008;
const ACE4_WRITE_NAMED_ATTRS = 0x00000010;
const ACE4_EXECUTE = 0x00000020;
const ACE4_DELETE_CHILD = 0x00000040;
const ACE4_READ_ATTRIBUTES = 0x00000080;
const ACE4_WRITE_ATTRIBUTES = 0x00000100;
const ACE4_DELETE = 0x00010000;
const ACE4_READ_ACL = 0x00020000;
const ACE4_WRITE_ACL = 0x00040000;
const ACE4_WRITE_OWNER = 0x00080000;
const ACE4_SYNCHRONIZE = 0x00100000;
who is a UTF-8 string of the form described in 'Owner and Group'
(Section 5.4)
5.8 Extended attributes
The SSH_FILEXFER_ATTR_EXTENDED flag provides a general extension The SSH_FILEXFER_ATTR_EXTENDED flag provides a general extension
mechanism for vendor-specific extensions. If the flag is specified, mechanism for vendor-specific extensions. If the flag is specified,
then the `extended_count' field is present. It specifies the number then the `extended_count' field is present. It specifies the number
of extended_type-extended_data pairs that follow. Each of these of extended_type-extended_data pairs that follow. Each of these
pairs specifies an extended attribute. For each of the attributes, pairs specifies an extended attribute. For each of the attributes,
the extended_type field should be a string of the format the extended_type field should be a string of the format
"name@domain", where "domain" is a valid, registered domain name and "name@domain", where "domain" is a valid, registered domain name and
"name" identifies the method. The IETF may later standardize certain "name" identifies the method. The IETF may later standardize certain
names that deviate from this format (e.g., that do not contain the names that deviate from this format (e.g., that do not contain the
skipping to change at page 9, line 26 skipping to change at page 13, line 5
Additional fields can be added to the attributes by either defining Additional fields can be added to the attributes by either defining
additional bits to the flags field to indicate their presence, or by additional bits to the flags field to indicate their presence, or by
defining extended attributes for them. The extended attributes defining extended attributes for them. The extended attributes
mechanism is recommended for most purposes; additional flags bits mechanism is recommended for most purposes; additional flags bits
should only be defined by an IETF standards action that also should only be defined by an IETF standards action that also
increments the protocol version number. The use of such new fields increments the protocol version number. The use of such new fields
MUST be negotiated by the version number in the protocol exchange. MUST be negotiated by the version number in the protocol exchange.
It is a protocol error if a packet with unsupported protocol bits is It is a protocol error if a packet with unsupported protocol bits is
received. received.
The flags bits are defined to have the following values:
#define SSH_FILEXFER_ATTR_SIZE 0x00000001
#define SSH_FILEXFER_ATTR_UIDGID 0x00000002
#define SSH_FILEXFER_ATTR_PERMISSIONS 0x00000004
#define SSH_FILEXFER_ATTR_ACMODTIME 0x00000008
#define SSH_FILEXFER_ATTR_EXTENDED 0x80000000
6. Requests From the Client to the Server 6. Requests From the Client to the Server
Requests from the client to the server represent the various file Requests from the client to the server represent the various file
system operations. Each request begins with an `id' field, which is system operations. Each request begins with an `id' field, which is
a 32-bit identifier identifying the request (selected by the client). a 32-bit identifier identifying the request (selected by the client).
The same identifier will be returned in the response to the request. The same identifier will be returned in the response to the request.
One possible implementation of it is a monotonically increasing One possible implementation is a monotonically increasing request
request sequence number (modulo 2^32). sequence number (modulo 2^32).
Many operations in the protocol operate on open files. The Many operations in the protocol operate on open files. The
SSH_FXP_OPEN request can return a file handle (which is an opaque SSH_FXP_OPEN request can return a file handle (which is an opaque
variable-length string) which may be used to access the file later variable-length string) which may be used to access the file later
(e.g. in a read operation). The client MUST NOT send requests the (e.g. in a read operation). The client MUST NOT send requests the
server with bogus or closed handles. However, the server MUST server with bogus or closed handles. However, the server MUST
perform adequate checks on the handle in order to avoid security perform adequate checks on the handle in order to avoid security
risks due to fabricated handles. risks due to fabricated handles.
This design allows either stateful and stateless server This design allows either stateful and stateless server
skipping to change at page 11, line 32 skipping to change at page 14, line 32
the intended area. the intended area.
An empty path name is valid, and it refers to the user's default An empty path name is valid, and it refers to the user's default
directory (usually the user's home directory). directory (usually the user's home directory).
Otherwise, no syntax is defined for file names by this specification. Otherwise, no syntax is defined for file names by this specification.
Clients should not make any other assumptions; however, they can Clients should not make any other assumptions; however, they can
splice path name components returned by SSH_FXP_READDIR together splice path name components returned by SSH_FXP_READDIR together
using a slash ('/') as the separator, and that will work as expected. using a slash ('/') as the separator, and that will work as expected.
In order to comply with IETF Policy on Character Sets and Languages
[2], all filenames are to be encoded in UTF-8. The shortest valid
UTF-8 encoding of the UNICODE data MUST be used. The server is
responsible for converting the UNICODE data to whatever canonical
form it requires.
For example, if the server requires that precomposed characters
always be used, the server MUST NOT assume the filename as sent by
the client has this attribute, but must do this normalization itself.
It is understood that the lack of well-defined semantics for file It is understood that the lack of well-defined semantics for file
names may cause interoperability problems between clients and servers names may cause interoperability problems between clients and servers
using radically different operating systems. However, this approach using radically different operating systems. However, this approach
is known to work acceptably with most systems, and alternative is known to work acceptably with most systems, and alternative
approaches that e.g. treat file names as sequences of structured approaches that e.g. treat file names as sequences of structured
components are quite complicated. components are quite complicated.
6.3 Opening, Creating, and Closing Files 6.3 Opening, Creating, and Closing Files
Files are opened and created using the SSH_FXP_OPEN message, whose Files are opened and created using the SSH_FXP_OPEN message, whose
data part is as follows: data part is as follows:
uint32 id uint32 id
string filename string filename [UTF-8]
uint32 pflags uint32 pflags
ATTRS attrs ATTRS attrs
The `id' field is the request identifier as for all requests. The `id' field is the request identifier as for all requests.
The `filename' field specifies the file name. See Section ``File The `filename' field specifies the file name. See Section ``File
Names'' for more information. Names'' for more information.
The `pflags' field is a bitmask. The following bits have been The `pflags' field is a bitmask. The following bits have been
defined. defined.
#define SSH_FXF_READ 0x00000001 #define SSH_FXF_READ 0x00000001
#define SSH_FXF_WRITE 0x00000002 #define SSH_FXF_WRITE 0x00000002
#define SSH_FXF_APPEND 0x00000004 #define SSH_FXF_APPEND 0x00000004
#define SSH_FXF_CREAT 0x00000008 #define SSH_FXF_CREAT 0x00000008
#define SSH_FXF_TRUNC 0x00000010 #define SSH_FXF_TRUNC 0x00000010
#define SSH_FXF_EXCL 0x00000020 #define SSH_FXF_EXCL 0x00000020
#define SSH_FXF_TEXT 0x00000040
These have the following meanings: These have the following meanings:
SSH_FXF_READ SSH_FXF_READ
Open the file for reading. Open the file for reading.
SSH_FXF_WRITE SSH_FXF_WRITE
Open the file for writing. If both this and SSH_FXF_READ are Open the file for writing. If both this and SSH_FXF_READ are
specified, the file is opened for both reading and writing. specified, the file is opened for both reading and writing.
SSH_FXF_APPEND SSH_FXF_APPEND
Force all writes to append data at the end of the file. Force all writes to append data at the end of the file. The
offset parameter to write will be ignored.
SSH_FXF_CREAT SSH_FXF_CREAT
If this flag is specified, then a new file will be created if one If this flag is specified, then a new file will be created if one
does not already exist (if O_TRUNC is specified, the new file will does not already exist (if O_TRUNC is specified, the new file will
be truncated to zero length if it previously exists). be truncated to zero length if it previously exists).
SSH_FXF_TRUNC SSH_FXF_TRUNC
Forces an existing file with the same name to be truncated to zero Forces an existing file with the same name to be truncated to zero
length when creating a file by specifying SSH_FXF_CREAT. length when creating a file by specifying SSH_FXF_CREAT.
SSH_FXF_CREAT MUST also be specified if this flag is used. SSH_FXF_CREAT MUST also be specified if this flag is used.
SSH_FXF_EXCL SSH_FXF_EXCL
Causes the request to fail if the named file already exists. Causes the request to fail if the named file already exists.
SSH_FXF_CREAT MUST also be specified if this flag is used. SSH_FXF_CREAT MUST also be specified if this flag is used.
SSH_FXF_TEXT
Indicates that the server should treat the file as text and
convert it to the canonical newline convention in use. (See
Determining Server Newline Convention. (Section 4.3)
When a file is opened with the FXF_TEXT flag, the offset field in
both the read and write function are ignored.
Servers MUST correctly process multiple parallel reads and writes
correctly in this mode. Naturally, it is permissible for them to
do this by serializing the requests. It would not be possible for
a client to reliably detect a server that does not implement
parallel writes in time to prevent damage.
Clients SHOULD use the SSH_FXF_APPEND flag to append data to a
text file rather then using write with a calculated offset.
To support seeks on text file the following SSH_FXP_EXTENDED
packet is defined.
string "text-seek"
string file-handle
uint64 line-number
line-number is the index of the line number to seek to, where byte
0 in the file is line number 0, and the byte directly following
the first newline sequence in the file is line number 1 and so on.
The response to a "text-seek" request is an SSH_FXP_STATUS
message.
An attempt to seek past the end-of-file should result in a
SSH_FX_EOF status.
Servers SHOULD support at least one "text-seek" in order to
support resume. However, a client MUST be prepared to receive
SSH_FX_OP_UNSUPPORTED when attempting a "text-seek" operation.
The client can then try a fall-back strategy, if it has one.
Clients MUST be prepared to handle SSH_FX_OP_UNSUPPORTED returned
for read or write operations that are not sequential.
The `attrs' field specifies the initial attributes for the file. The `attrs' field specifies the initial attributes for the file.
Default values will be used for those attributes that are not Default values will be used for those attributes that are not
specified. See Section ``File Attributes'' for more information. specified. See Section ``File Attributes'' for more information.
Regardless the server operating system, the file will always be
opened in "binary" mode (i.e., no translations between different
character sets and newline encodings).
The response to this message will be either SSH_FXP_HANDLE (if the The response to this message will be either SSH_FXP_HANDLE (if the
operation is successful) or SSH_FXP_STATUS (if the operation fails). operation is successful) or SSH_FXP_STATUS (if the operation fails).
A file is closed by using the SSH_FXP_CLOSE request. Its data field A file is closed by using the SSH_FXP_CLOSE request. Its data field
has the following format: has the following format:
uint32 id uint32 id
string handle string handle
where `id' is the request identifier, and `handle' is a handle where `id' is the request identifier, and `handle' is a handle
skipping to change at page 14, line 22 skipping to change at page 18, line 29
allocate disk space but instead leave "holes" in the file. allocate disk space but instead leave "holes" in the file.
The server responds to a write request with a SSH_FXP_STATUS message. The server responds to a write request with a SSH_FXP_STATUS message.
6.5 Removing and Renaming Files 6.5 Removing and Renaming Files
Files can be removed using the SSH_FXP_REMOVE message. It has the Files can be removed using the SSH_FXP_REMOVE message. It has the
following format: following format:
uint32 id uint32 id
string filename string filename [UTF-8]
where `id' is the request identifier and `filename' is the name of where `id' is the request identifier and `filename' is the name of
the file to be removed. See Section ``File Names'' for more the file to be removed. See Section ``File Names'' for more
information. This request cannot be used to remove directories. information. This request cannot be used to remove directories.
The server will respond to this request with a SSH_FXP_STATUS The server will respond to this request with a SSH_FXP_STATUS
message. message.
Files (and directories) can be renamed using the SSH_FXP_RENAME Files (and directories) can be renamed using the SSH_FXP_RENAME
message. Its data is as follows: message. Its data is as follows:
uint32 id uint32 id
string oldpath string oldpath [UTF-8]
string newpath string newpath [UTF-8]
where `id' is the request identifier, `oldpath' is the name of an where `id' is the request identifier, `oldpath' is the name of an
existing file or directory, and `newpath' is the new name for the existing file or directory, and `newpath' is the new name for the
file or directory. It is an error if there already exists a file file or directory. It is an error if there already exists a file
with the name specified by newpath. The server may also fail rename with the name specified by newpath. The server may also fail rename
requests in other situations, for example if `oldpath' and `newpath' requests in other situations, for example if `oldpath' and `newpath'
point to different file systems on the server. point to different file systems on the server.
The server will respond to this request with a SSH_FXP_STATUS The server will respond to this request with a SSH_FXP_STATUS
message. message.
6.6 Creating and Deleting Directories 6.6 Creating and Deleting Directories
New directories can be created using the SSH_FXP_MKDIR request. It New directories can be created using the SSH_FXP_MKDIR request. It
has the following format: has the following format:
uint32 id uint32 id
string path string path [UTF-8]
ATTRS attrs ATTRS attrs
where `id' is the request identifier, `path' and `attrs' specifies where `id' is the request identifier.
the modifications to be made to its attributes. See Section ``File
Names'' for more information on file names. Attributes are discussed
in more detail in Section ``File Attributes''. specifies the
directory to be created. An error will be returned if a file or
directory with the specified path already exists. The server will
respond to this request with a SSH_FXP_STATUS message.
Directories can be removed using the SSH_FXP_RMDIR request, which `path' specifies the directory to be created. See Section ``File
has the following format: Names'' for more information on file names.
`attrs' specifies the attributes that should be applied to it upon
creation. Attributes are discussed in more detail in Section ``File
Attributes''.
The server will respond to this request with a SSH_FXP_STATUS
message. If a file or directory with the specified path already
exists, an error will be returned.
Directories can be removed using the SSH_FXP_RMDIR request, which has
the following format:
uint32 id uint32 id
string path string path [UTF-8]
where `id' is the request identifier, and `path' specifies the where `id' is the request identifier, and `path' specifies the
directory to be removed. See Section ``File Names'' for more directory to be removed. See Section ``File Names'' for more
information on file names. An error will be returned if no directory information on file names.
with the specified path exists, or if the specified directory is not
empty, or if the path specified a file system object other than a The server responds to this request with a SSH_FXP_STATUS message.
directory. The server responds to this request with a SSH_FXP_STATUS Errors may be returned from this operation for various reasons,
message. including, but not limited to, the path does not exist, the path does
not refer to a directory object, the directory is not empty, or the
user has insufficient access or permission to perform the requested
operation.
6.7 Scanning Directories 6.7 Scanning Directories
The files in a directory can be listed using the SSH_FXP_OPENDIR and The files in a directory can be listed using the SSH_FXP_OPENDIR and
SSH_FXP_READDIR requests. Each SSH_FXP_READDIR request returns one SSH_FXP_READDIR requests. Each SSH_FXP_READDIR request returns one
or more file names with full file attributes for each file. The or more file names with full file attributes for each file. The
client should call SSH_FXP_READDIR repeatedly until it has found the client should call SSH_FXP_READDIR repeatedly until it has found the
file it is looking for or until the server responds with a file it is looking for or until the server responds with a
SSH_FXP_STATUS message indicating an error (normally SSH_FX_EOF if SSH_FXP_STATUS message indicating an error (normally SSH_FX_EOF if
there are no more files in the directory). The client should then there are no more files in the directory). The client should then
close the handle using the SSH_FXP_CLOSE request. close the handle using the SSH_FXP_CLOSE request.
The SSH_FXP_OPENDIR opens a directory for reading. It has the The SSH_FXP_OPENDIR opens a directory for reading. It has the
following format: following format:
uint32 id uint32 id
string path string path [UTF-8]
where `id' is the request identifier and `path' is the path name of where `id' is the request identifier and `path' is the path name of
the directory to be listed (without any trailing slash). See Section the directory to be listed (without any trailing slash). See Section
``File Names'' for more information on file names. This will return ``File Names'' for more information on file names. This will return
an error if the path does not specify a directory or if the directory an error if the path does not specify a directory or if the directory
is not readable. The server will respond to this request with either is not readable. The server will respond to this request with either
a SSH_FXP_HANDLE or a SSH_FXP_STATUS message. a SSH_FXP_HANDLE or a SSH_FXP_STATUS message.
Once the directory has been successfully opened, files (and Once the directory has been successfully opened, files (and
directories) contained in it can be listed using SSH_FXP_READDIR directories) contained in it can be listed using SSH_FXP_READDIR
skipping to change at page 16, line 34 skipping to change at page 20, line 37
where `id' is the request identifier, and `handle' is a handle where `id' is the request identifier, and `handle' is a handle
returned by SSH_FXP_OPENDIR. (It is a protocol error to attempt to returned by SSH_FXP_OPENDIR. (It is a protocol error to attempt to
use an ordinary file handle returned by SSH_FXP_OPEN.) use an ordinary file handle returned by SSH_FXP_OPEN.)
The server responds to this request with either a SSH_FXP_NAME or a The server responds to this request with either a SSH_FXP_NAME or a
SSH_FXP_STATUS message. One or more names may be returned at a time. SSH_FXP_STATUS message. One or more names may be returned at a time.
Full status information is returned for each name in order to speed Full status information is returned for each name in order to speed
up typical directory listings. up typical directory listings.
If there are no more names available to be read, the server MUST
respond with a SSH_FXP_STATUS message with error code of SSH_FX_EOF.
When the client no longer wishes to read more names from the When the client no longer wishes to read more names from the
directory, it SHOULD call SSH_FXP_CLOSE for the handle. The handle directory, it SHOULD call SSH_FXP_CLOSE for the handle. The handle
should be closed regardless of whether an error has occurred or not. should be closed regardless of whether an error has occurred or not.
6.8 Retrieving File Attributes 6.8 Retrieving File Attributes
Very often, file attributes are automatically returned by Very often, file attributes are automatically returned by
SSH_FXP_READDIR. However, sometimes there is need to specifically SSH_FXP_READDIR. However, sometimes there is need to specifically
retrieve the attributes for a named file. This can be done using the retrieve the attributes for a named file. This can be done using the
SSH_FXP_STAT, SSH_FXP_LSTAT and SSH_FXP_FSTAT requests. SSH_FXP_STAT, SSH_FXP_LSTAT and SSH_FXP_FSTAT requests.
SSH_FXP_STAT and SSH_FXP_LSTAT only differ in that SSH_FXP_STAT SSH_FXP_STAT and SSH_FXP_LSTAT only differ in that SSH_FXP_STAT
follows symbolic links on the server, whereas SSH_FXP_LSTAT does not follows symbolic links on the server, whereas SSH_FXP_LSTAT does not
follow symbolic links. Both have the same format: follow symbolic links. Both have the same format:
uint32 id uint32 id
string path string path [UTF-8]
uint32 flags
where `id' is the request identifier, and `path' specifies the file where `id' is the request identifier, and `path' specifies the file
system object for which status is to be returned. The server system object for which status is to be returned. The server
responds to this request with either SSH_FXP_ATTRS or SSH_FXP_STATUS. responds to this request with either SSH_FXP_ATTRS or SSH_FXP_STATUS.
The flags field specify the attribute flags in which the client has
particular interest. This is a hint to the server. For example,
because retrieving owner / group and acl information can be an
expensive operation under some operating systems, the server may
choose not to retrieve this information unless the client expresses a
specific interest in it.
The client has no guarantee the server will provide all the fields
that it has expressed an interest in.
SSH_FXP_FSTAT differs from the others in that it returns status SSH_FXP_FSTAT differs from the others in that it returns status
information for an open file (identified by the file handle). Its information for an open file (identified by the file handle). Its
format is as follows: format is as follows:
uint32 id uint32 id
string handle string handle
uint32 flags
where `id' is the request identifier and `handle' is a file handle where `id' is the request identifier and `handle' is a file handle
returned by SSH_FXP_OPEN. The server responds to this request with returned by SSH_FXP_OPEN. The server responds to this request with
SSH_FXP_ATTRS or SSH_FXP_STATUS. SSH_FXP_ATTRS or SSH_FXP_STATUS.
6.9 Setting File Attributes 6.9 Setting File Attributes
File attributes may be modified using the SSH_FXP_SETSTAT and File attributes may be modified using the SSH_FXP_SETSTAT and
SSH_FXP_FSETSTAT requests. These requests are used for operations SSH_FXP_FSETSTAT requests. These requests are used for operations
such as changing the ownership, permissions or access times, as well such as changing the ownership, permissions or access times, as well
as for truncating a file. as for truncating a file.
The SSH_FXP_SETSTAT request is of the following format: The SSH_FXP_SETSTAT request is of the following format:
uint32 id uint32 id
string path string path [UTF-8]
ATTRS attrs ATTRS attrs
where `id' is the request identifier, `path' specifies the file where `id' is the request identifier, `path' specifies the file
system object (e.g. file or directory) whose attributes are to be system object (e.g. file or directory) whose attributes are to be
modified, and `attrs' specifies the modifications to be made to its modified, and `attrs' specifies the modifications to be made to its
attributes. Attributes are discussed in more detail in Section attributes. Attributes are discussed in more detail in Section
``File Attributes''. ``File Attributes''.
An error will be returned if the specified file system object does An error will be returned if the specified file system object does
not exist or the user does not have sufficient rights to modify the not exist or the user does not have sufficient rights to modify the
skipping to change at page 18, line 14 skipping to change at page 22, line 33
attributes. Attributes are discussed in more detail in Section attributes. Attributes are discussed in more detail in Section
``File Attributes''. The server will respond to this request with ``File Attributes''. The server will respond to this request with
SSH_FXP_STATUS. SSH_FXP_STATUS.
6.10 Dealing with Symbolic links 6.10 Dealing with Symbolic links
The SSH_FXP_READLINK request may be used to read the target of a The SSH_FXP_READLINK request may be used to read the target of a
symbolic link. It would have a data part as follows: symbolic link. It would have a data part as follows:
uint32 id uint32 id
string path string path [UTF-8]
where `id' is the request identifier and `path' specifies the path where `id' is the request identifier and `path' specifies the path
name of the symlink to be read. name of the symlink to be read.
The server will respond with a SSH_FXP_NAME packet containing only The server will respond with a SSH_FXP_NAME packet containing only
one name and a dummy attributes value. The name in the returned one name and a dummy attributes value. The name in the returned
packet contains the target of the link. If an error occurs, the packet contains the target of the link. If an error occurs, the
server may respond with SSH_FXP_STATUS. server may respond with SSH_FXP_STATUS.
The SSH_FXP_SYMLINK request will create a symbolic link on the The SSH_FXP_SYMLINK request will create a symbolic link on the
server. It is of the following format server. It is of the following format
uint32 id uint32 id
string linkpath string linkpath [UTF-8]
string targetpath string targetpath [UTF-8]
where `id' is the request identifier, `linkpath' specifies the path where `id' is the request identifier, `linkpath' specifies the path
name of the symlink to be created and `targetpath' specifies the name of the symlink to be created and `targetpath' specifies the
target of the symlink. The server shall respond with a target of the symlink. The server shall respond with a
SSH_FXP_STATUS indicating either success (SSH_FX_OK) or an error SSH_FXP_STATUS indicating either success (SSH_FX_OK) or an error
condition. condition.
6.11 Canonicalizing the Server-Side Path Name 6.11 Canonicalizing the Server-Side Path Name
The SSH_FXP_REALPATH request can be used to have the server The SSH_FXP_REALPATH request can be used to have the server
canonicalize any given path name to an absolute path. This is useful canonicalize any given path name to an absolute path. This is useful
for converting path names containing ".." components or relative for converting path names containing ".." components or relative
pathnames without a leading slash into absolute paths. The format of pathnames without a leading slash into absolute paths. The format of
the request is as follows: the request is as follows:
uint32 id uint32 id
string path string path [UTF-8]
where `id' is the request identifier and `path' specifies the path where `id' is the request identifier and `path' specifies the path
name to be canonicalized. The server will respond with a name to be canonicalized. The server will respond with a
SSH_FXP_NAME packet containing only one name and a dummy attributes SSH_FXP_NAME packet containing the name in canonical form and a dummy
value. The name is the returned packet will be in canonical form. attributes value. If an error occurs, the server may also respond
with SSH_FXP_STATUS.
If an error occurs, the server may also respond with SSH_FXP_STATUS. 6.11.1 Best practice for dealing with paths
The client SHOULD treat the results of SSH_FXP_REALPATH as a
canonical absolute path, even if the path does not appear to be
absolute. A client that use REALPATH(".") and treats the result as
absolute, even if there is no leading slash, will continue to
function correctly, even when talking to a Windows NT or VMS style
system, where absolute paths may not begin with a slash.
For example, if the client wishes to change directory up, and the
server has returned "c:/x/y/z" from REALPATH, the client SHOULD use
"c:/x/y/z/..".
As a second example, if the client wishes to open the file "x.txt" in
the current directory, and server has returned "dka100:/x/y/z" as the
canonical path of the directory, the client SHOULD open "dka100:/x/y/
z/x.txt"
7. Responses from the Server to the Client 7. Responses from the Server to the Client
The server responds to the client using one of a few response The server responds to the client using one of a few response
packets. All requests can return a SSH_FXP_STATUS response upon packets. All requests can return a SSH_FXP_STATUS response upon
failure. When the operation is successful, any of the responses may failure. When the operation is successful, any of the responses may
be returned (depending on the operation). If no data needs to be be returned (depending on the operation). If no data needs to be
returned to the client, the SSH_FXP_STATUS response with SSH_FX_OK returned to the client, the SSH_FXP_STATUS response with SSH_FX_OK
status is appropriate. Otherwise, the SSH_FXP_HANDLE message is used status is appropriate. Otherwise, the SSH_FXP_HANDLE message is used
to return a file handle (for SSH_FXP_OPEN and SSH_FXP_OPENDIR to return a file handle (for SSH_FXP_OPEN and SSH_FXP_OPENDIR
skipping to change at page 21, line 17 skipping to change at page 25, line 14
#define SSH_FX_OK 0 #define SSH_FX_OK 0
#define SSH_FX_EOF 1 #define SSH_FX_EOF 1
#define SSH_FX_NO_SUCH_FILE 2 #define SSH_FX_NO_SUCH_FILE 2
#define SSH_FX_PERMISSION_DENIED 3 #define SSH_FX_PERMISSION_DENIED 3
#define SSH_FX_FAILURE 4 #define SSH_FX_FAILURE 4
#define SSH_FX_BAD_MESSAGE 5 #define SSH_FX_BAD_MESSAGE 5
#define SSH_FX_NO_CONNECTION 6 #define SSH_FX_NO_CONNECTION 6
#define SSH_FX_CONNECTION_LOST 7 #define SSH_FX_CONNECTION_LOST 7
#define SSH_FX_OP_UNSUPPORTED 8 #define SSH_FX_OP_UNSUPPORTED 8
#define SSH_FX_INVALID_HANDLE 9
#define SSH_FX_NO_SUCH_PATH 10
#define SSH_FX_FILE_ALREADY_EXISTS 11
#define SSH_FX_WRITE_PROTECT 12
SSH_FX_OK SSH_FX_OK
Indicates successful completion of the operation. Indicates successful completion of the operation.
SSH_FX_EOF SSH_FX_EOF
indicates end-of-file condition; for SSH_FX_READ it means that no indicates end-of-file condition; for SSH_FX_READ it means that no
more data is available in the file, and for SSH_FX_READDIR it more data is available in the file, and for SSH_FX_READDIR it
indicates that no more files are contained in the directory. indicates that no more files are contained in the directory.
SSH_FX_NO_SUCH_FILE SSH_FX_NO_SUCH_FILE
is returned when a reference is made to a file which should exist is returned when a reference is made to a file which does not
but doesn't. exist.
SSH_FX_PERMISSION_DENIED SSH_FX_PERMISSION_DENIED
is returned when the authenticated user does not have sufficient is returned when the authenticated user does not have sufficient
permissions to perform the operation. permissions to perform the operation.
SSH_FX_FAILURE SSH_FX_FAILURE
is a generic catch-all error message; it should be returned if an is a generic catch-all error message; it should be returned if an
error occurs for which there is no more specific error code error occurs for which there is no more specific error code
defined. defined.
skipping to change at page 22, line 13 skipping to change at page 26, line 13
client, and MUST NOT be returned by servers). client, and MUST NOT be returned by servers).
SSH_FX_OP_UNSUPPORTED SSH_FX_OP_UNSUPPORTED
indicates that an attempt was made to perform an operation which indicates that an attempt was made to perform an operation which
is not supported for the server (it may be generated locally by is not supported for the server (it may be generated locally by
the client if e.g. the version number exchange indicates that a the client if e.g. the version number exchange indicates that a
required feature is not supported by the server, or it may be required feature is not supported by the server, or it may be
returned by the server if the server does not implement an returned by the server if the server does not implement an
operation). operation).
SSH_FX_INVALID_HANDLE
The handle value was invalid.
SSH_FX_NO_SUCH_PATH
The file path does not exist or is invalid.
SSH_FX_FILE_ALREADY_EXISTS
The file already exists.
SSH_FX_WRITE_PROTECT
The file is on read only media, or the media is write protected.
The SSH_FXP_HANDLE response has the following format: The SSH_FXP_HANDLE response has the following format:
uint32 id uint32 id
string handle string handle
where `id' is the request identifier, and `handle' is an arbitrary where `id' is the request identifier, and `handle' is an arbitrary
string that identifies an open file or directory on the server. The string that identifies an open file or directory on the server. The
handle is opaque to the client; the client MUST NOT attempt to handle is opaque to the client; the client MUST NOT attempt to
interpret or modify it in any way. The length of the handle string interpret or modify it in any way. The length of the handle string
MUST NOT exceed 256 data bytes. MUST NOT exceed 256 data bytes.
skipping to change at page 22, line 40 skipping to change at page 27, line 8
string containing the requested data. The data string may be at most string containing the requested data. The data string may be at most
the number of bytes requested in a SSH_FXP_READ request, but may also the number of bytes requested in a SSH_FXP_READ request, but may also
be shorter if end of file is reached or if the read is from something be shorter if end of file is reached or if the read is from something
other than a regular file. other than a regular file.
The SSH_FXP_NAME response has the following format: The SSH_FXP_NAME response has the following format:
uint32 id uint32 id
uint32 count uint32 count
repeats count times: repeats count times:
string filename string filename [UTF-8]
string longname
ATTRS attrs ATTRS attrs
where `id' is the request identifier, `count' is the number of names where `id' is the request identifier, `count' is the number of names
returned in this response, and the remaining fields repeat `count' returned in this response, and the remaining fields repeat `count'
times (so that all three fields are first included for the first times (so that all three fields are first included for the first
file, then for the second file, etc). In the repeated part, file, then for the second file, etc). In the repeated part,
`filename' is a file name being returned (for SSH_FXP_READDIR, it `filename' is a file name being returned (for SSH_FXP_READDIR, it
will be a relative name within the directory, without any path will be a relative name within the directory, without any path
components; for SSH_FXP_REALPATH it will be an absolute path name), components; for SSH_FXP_REALPATH it will be an absolute path name),
`longname' is an expanded format for the file name, similar to what and `attrs' is the attributes of the file as described in Section
is returned by "ls -l" on Unix systems, and `attrs' is the attributes ``File Attributes''.
of the file as described in Section ``File Attributes''.
The format of the `longname' field is unspecified by this protocol.
It MUST be suitable for use in the output of a directory listing
command (in fact, the recommended operation for a directory listing
command is to simply display this data). However, clients SHOULD NOT
attempt to parse the longname field for file attributes; they SHOULD
use the attrs field instead.
The recommended format for the longname field is as follows:
-rwxr-xr-x 1 mjos staff 348911 Mar 25 14:29 t-filexfer
1234567890 123 12345678 12345678 12345678 123456789012
Here, the first line is sample output, and the second field indicates
widths of the various fields. Fields are separated by spaces. The
first field lists file permissions for user, group, and others; the
second field is link count; the third field is the name of the user
who owns the file; the fourth field is the name of the group that
owns the file; the fifth field is the size of the file in bytes; the
sixth field (which actually may contain spaces, but is fixed to 12
characters) is the file modification time, and the seventh field is
the file name. Each field is specified to be a minimum of certain
number of character positions (indicated by the second line above),
but may also be longer if the data does not fit in the specified
length.
The SSH_FXP_ATTRS response has the following format: The SSH_FXP_ATTRS response has the following format:
uint32 id uint32 id
ATTRS attrs ATTRS attrs
where `id' is the request identifier, and `attrs' is the returned where `id' is the request identifier, and `attrs' is the returned
file attributes as described in Section ``File Attributes''. file attributes as described in Section ``File Attributes''.
8. Vendor-Specific Extensions 8. Vendor-Specific Extensions
skipping to change at page 25, line 5 skipping to change at page 28, line 37
respond with SSH_FXP_STATUS with error/status set to respond with SSH_FXP_STATUS with error/status set to
SSH_FX_OP_UNSUPPORTED. SSH_FX_OP_UNSUPPORTED.
The SSH_FXP_EXTENDED_REPLY packet can be used to carry arbitrary The SSH_FXP_EXTENDED_REPLY packet can be used to carry arbitrary
extension-specific data from the server to the client. It is of the extension-specific data from the server to the client. It is of the
following format: following format:
uint32 id uint32 id
... any request-specific data ... ... any request-specific data ...
There is a range of packet types reserved for use by extensions. In
order to avoid collision, extensions that turn on the use of
additional packet types should determine those numbers dynamically.
The suggested way of doing this is have an extension request from the
client to the server that enables the extension; the extension
response from the server to the client would specify the actual type
values to use, in additional to any other data.
Extension authors should be mindful of the limited range of packet
types available (there are only 45 values available) and avoid
requiring a new packet type where possible.
9. Security Considerations 9. Security Considerations
This protocol assumes that it is run over a secure channel and that This protocol assumes that it is run over a secure channel and that
the endpoints of the channel have been authenticated. Thus, this the endpoints of the channel have been authenticated. Thus, this
protocol assumes that it is externally protected from network-level protocol assumes that it is externally protected from network-level
attacks. attacks.
This protocol provides file system access to arbitrary files on the This protocol provides file system access to arbitrary files on the
server (only constrained by the server implementation). It is the server (only constrained by the server implementation). It is the
responsibility of the server implementation to enforce any access responsibility of the server implementation to enforce any access
controls that may be required to limit the access allowed for any controls that may be required to limit the access allowed for any
particular user (the user being authenticated externally to this particular user (the user being authenticated externally to this
protocol, typically using the SSH User Authentication Protocol [6]. protocol, typically using the SSH User Authentication Protocol [8].
Care must be taken in the server implementation to check the validity Care must be taken in the server implementation to check the validity
of received file handle strings. The server should not rely on them of received file handle strings. The server should not rely on them
directly; it MUST check the validity of each handle before relying on directly; it MUST check the validity of each handle before relying on
it. it.
10. Changes from previous protocol versions 10. Changes from previous protocol versions
The SSH File Transfer Protocol has changed over time, before it's The SSH File Transfer Protocol has changed over time, before it's
standardization. The following is a description of the incompatible standardization. The following is a description of the incompatible
changes between different versions. changes between different versions.
10.1 Changes between versions 3 and 2 10.1 Changes between versions 4 and 3
Many of the changes between version 4 and version 3 are to the
attribute structure to make it more flexible for non-unix platforms.
o Make all filenames UTF-8.
o Added 'newline' extension.
o Made file attribute owner and group strings so they can actually
be used on disparate systems.
o Added createtime field, and added separate flags for atime,
createtime, and mtime so they can be set separately.
o Split the file type out of the permissions field and into it's own
field (which is always present.)
o Added acl attribute.
o Added SSH_FXF_TEXT file open flag.
o Added flags field to the get stat commands so that the client can
specifically request information the server might not normally
included for performance reasons.
o Removed the long filename from the names structure-- it can now be
built from information available in the attrs structure.
o Added reserved range of packet numbers for extensions.
o Added several additional error codes.
o Change the way version negotiate works slightly. Previously, if
the client version were higher than the server version, the server
was supposed to 'echo back' the clients version. The server now
sends it's own version and the lower of the two is considered to
be the one in use.
10.2 Changes between versions 3 and 2
o The SSH_FXP_READLINK and SSH_FXP_SYMLINK messages were added. o The SSH_FXP_READLINK and SSH_FXP_SYMLINK messages were added.
o The SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY messages were o The SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY messages were
added. added.
o The SSH_FXP_STATUS message was changed to include fields `error o The SSH_FXP_STATUS message was changed to include fields `error
message' and `language tag'. message' and `language tag'.
10.2 Changes between versions 2 and 1 10.3 Changes between versions 2 and 1
o The SSH_FXP_RENAME message was added. o The SSH_FXP_RENAME message was added.
10.3 Changes between versions 1 and 0 10.4 Changes between versions 1 and 0
o Implementation changes, no actual protocol changes. o Implementation changes, no actual protocol changes.
11. Trademark Issues 11. Trademark Issues
"ssh" is a registered trademark of SSH Communications Security Corp "ssh" is a registered trademark of SSH Communications Security Corp
in the United States and/or other countries. in the United States and/or other countries.
References References
[1] Dierks, T., Allen, C., Treese, W., Karlton, P., Freier, A. and [1] Dierks, T., Allen, C., Treese, W., Karlton, P., Freier, A. and
P. Kocher, "The TLS Protocol Version 1.0", RFC 2246, January P. Kocher, "The TLS Protocol Version 1.0", RFC 2246, January
1999. 1999.
[2] Institute of Electrical and Electronics Engineers, "Information [2] Alvestrand, H., "IETF Policy on Character Sets and Languages",
BCP 18, RFC 2277, January 1998.
[3] Shepler, S., Callaghan, B., Robinson, D., Thurlow, R., Beame,
C., Eisler, M. and D. Noveck, "NFS version 4 Protocol", RFC
3010, December 2000.
[4] Institute of Electrical and Electronics Engineers, "Information
Technology - Portable Operating System Interface (POSIX) - Part Technology - Portable Operating System Interface (POSIX) - Part
1: System Application Program Interface (API) [C Language]", 1: System Application Program Interface (API) [C Language]",
IEEE Standard 1003.2, 1996. IEEE Standard 1003.2, 1996.
[3] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. [5] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.
Lehtinen, "SSH Protocol Architecture", draft-ietf-secsh- Lehtinen, "SSH Protocol Architecture", draft-ietf-secsh-
architecture-09 (work in progress), July 2001. architecture-13 (work in progress), September 2002.
[4] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. [6] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.
Lehtinen, "SSH Protocol Transport Protocol", draft-ietf-secsh- Lehtinen, "SSH Protocol Transport Protocol", draft-ietf-secsh-
architecture-09 (work in progress), July 2001. transport-15 (work in progress), September 2002.
[5] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. [7] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.
Lehtinen, "SSH Connection Protocol", draft-ietf-secsh-connect-11 Lehtinen, "SSH Connection Protocol", draft-ietf-secsh-connect-16
(work in progress), July 2001. (work in progress), September 2002.
[6] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. [8] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.
Lehtinen, "SSH Authentication Protocol", draft-ietf-secsh- Lehtinen, "SSH Authentication Protocol", draft-ietf-secsh-
userauth-11 (work in progress), July 2001. userauth-16 (work in progress), September 2002.
Authors' Addresses Authors' Addresses
Joseph Galbraith
VanDyke Software
4848 Tramway Ridge Blvd
Suite 101
Albuquerque, NM 87111
US
Phone: +1 505 332 5700
EMail: galb-list@vandyke.com
Tatu Ylonen Tatu Ylonen
SSH Communications Security Corp SSH Communications Security Corp
Fredrikinkatu 42 Fredrikinkatu 42
HELSINKI FIN-00100 HELSINKI FIN-00100
Finland Finland
EMail: ylo@ssh.com EMail: ylo@ssh.com
Sami Lehtinen Sami Lehtinen
SSH Communications Security Corp SSH Communications Security Corp
Fredrikinkatu 42 Fredrikinkatu 42
HELSINKI FIN-00100 HELSINKI FIN-00100
Finland Finland
EMail: sjl@ssh.com EMail: sjl@ssh.com
Full Copyright Statement Full Copyright Statement
Copyright (C) The Internet Society (2001). All Rights Reserved. Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of Internet organizations, except as needed for the purpose of
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/